On This Page

Signed URLs and Token Auth with a Live Stream

In this topic, you will learn about using signed URLs and token auth to prevent end users from being able to play back your live stream without proper authorization.

Overview

If you are delivering premium or confidential content, you will be looking for all ways to ensure it remains secure. You do not want end users to be able to copy video URLs or continue to play back content without the proper authorization. Brightcove supports signing of RTMP, HLS, and DASH URLs.

If you will be generating your own token, there is one step to this process. If you want the Live system to generate a tokenized URL, there are two steps, detailed in the sections that follow, required to enable token authentication for live streams.

Step 2: After the live job is created

Only complete this step if you are not creating your own token and instead want the Live API to generate a tokenized URL.

After the live job is created, you need to make another request to generate the master manifest URLs. To do this, send a POST request to:

https://api.bcovlive.io/v1/jobs/JOB_ID/authurls

Include the following JSON as the request body:

{
"ttl": number in seconds for time to live
}

Notes

The ttl value for both steps above should be equal to or greater than the DVR window - otherwise the DVR window will be limited to the ttl value

Both http and https are supported

The token_name must be 5-12 characters and must match what is configured in Akamai

start_time is optional and can be "now" (the default) or an epoch time value in seconds

end_time is optional and can be an epoch time value in seconds - either end_time or ttl is required; if not specified, ttl is assumed to be the greater of live_dvr_sliding_window_duration and vod_sliding_window_duration